How to Secure /tmp Directory

Jithin

27 Feb 2017

In this tutorial we can check how to secure /tmp directory.

Securing or hardening tmp involves a large role in securing your server from external attacks. All applications use /tmp directory to store the data temporarily. There is a chance to attack the server using Trojans if it’s not secured properly. Temp hardening restricts all activities on /tmp. This prevents the attacker from executing code within the /tmp folder. The hacker tries to inject malicious scripts into /tmp folder through the web application exploit and they try to execute this file on the server bringing it down. When we harden the /tmp folder using nexus mode the user will not able to execute the script and it will prevent these types of attacks.

tmp hardening

Before doing any change in fstab we need to take the backup of that file using the command below.

# cp -p /etc/fstab /etc/fstab.back

Follow the below steps to hardening your /tmp directory.

1) Creating /tmp as a different partition.

By default, /tmp folder has all permissions such as read, write, and execute. This is the main reason why the server becomes vulnerable. We need to secure /tmp folder in a different partition. If an attacker gets access to /tmp folder he would not able to access the system file. The space allocation depends up on your server. Here I am creating a partition of 100M size and ext3 filesystem.

# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000

# mke2fs –j /dev/tmpFS

2) Create a backup of existing /tmp folder.

# cp -rp /tmp /tnp.back

3) Change /tmp to non-executable.

Make the /tmp no exec in /etc/fstab and mount it. It will prevent the server from being hacked via /tmp folder.

# chmod 1777 /tmp

4) Copy all old data to /tmp folder by using the command below.

# cp –rf /tmp.back/* /tmp

5) Add the below line to fstab

# vi /etc/fstab

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

6) Mount the partition.

# mount -a

Congrats you are now protected your /tmp directory from attacks.

Hardening /tmp on cPanel

cPanel has a custom script for hardening /tmp folder. You can just run this script on command line for securing /tmp folder.

# /scripts/securetmp

/var/tmp Hardening

We need to move all data in /var/tmp to a backup file.

# mv /var/tmp /var/tmp.backup

Create a symlink of /var/tmp to /tmp.

# ln -s /tmp /var/tmp

Copy old contents back to /var/tmp folder.

# mv /var/tmp.backup /var/tmp

/dev/shm Hardening

Edit the /etc/fstab and remount the /dev/shm as non-executable.

# vi /etc/fstab

tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Mount the partition.

# mount -a

Install ModSecurity on server

ModSecurity is a firewall which protect your server from various script attack that can be found from web application. ModSecurity is also play an important role in securing /tmp folder.